Thursday, April 29

Cinco DNSSEC Mayo

For many, the switch on May 5th to the new DNSSEC support in the root server pool is long overdue, for others the swich has people jumpy dreaming up reasons why this will "kill your internet". While Keith Mitchell, head of engineering at root server operator Internet Systems Consortium says "No-one is going to completely lose Internet service as a result of the signed root -- or indeed any DNSSEC deployment efforts -- and I certainly didn't say that it," he says of the Register story. "The worst that is going to happen is that a tiny minority of users behind mis-configured firewall or middleware boxes may experience some performance degradation when their clients have to attempt alternative paths for resolving names," says Mitchell.

As defined by "it was designed to protect the Internet from certain attacks, such as DNS cache poisoning [0]. It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence."

This is intended to protect people from far worse things (phishing, DNS poisoning, rewriting, etc) than having to resolve names through alternate servers. For an easier description wikipedia as always has us covered.

Happy Cinco DNSSEC Mayo!

Wednesday, April 28

Akamai State of the Internet Report

Akamai has released the latest of their reports on the state of the global Internet.  The report is bias toward information relevant to the US, but still has plenty of useful and meaningful global data as well.  A few interesting tidbits:

Top Average Measured Connection Speed (by Country) - South Korea at 11.7Mbps
Canada Average Measured Connection Speed - Not listed (not in the top 10)

Top Unique IP Addresses per Capital (how may IP addresses per person) - Norway at .49 or 1 IP for every two people
Canada - Not listed (not in the top 10)

Top Attacked Port - TCP/445 (Microsoft DS) for 74% of the attack traffic observed.

Check out the report yourself (you have to give them your email address to get access).

Wednesday, April 21

McAfee Botch, Mistake or Intentional?

If you've been keeping up with the news today regarding the McBlunder by McAfee, you might not have thought of the chance that this might be intentional and malicious.  About a year ago a security researcher documented a case where a remote update was maliciously replaced with other code.  Now most products that do remote updates require some cryptographic signature to make sure that the update is legit (I assume, but don't know for sure that this is the case for McAfee updates), but what if the update was tampered and changed before it was signed.  This is not too far fetched and certainly damages McAfee which malware authors never pass up on these types of opportunities.  It will be interesting to see if this angle is explored at all - or at least what McAfee releases after the internal investigation.

And for those affected - here is the official fix at this time via McAfee

Google's Government Transparency

Here's an interesting link regarding the removal requests that Google receives from different Governments around the world. More interesting is that this information (although not detailed) shows that not all requests are complied with. The overview here explains this in a bit more detail, and also indicates that different rules apply to different countries based on their local laws.

Quite interesting.